*) ospf - fixed Summary-LSA prefix length check for OSPFv3, was not
accepting valid LSAs;
*) certificates - fix broken certificate handling (bug introduced in rc8) in all related programs;
*) fixed - bgp tcp-md5-key crash on CCR;
*) fixed interfaces list sometimes showing up empty;
*) fixed - ip addrs could be inactive for some types of interfaces which are added as bridge ports and disabled;
_Note for Cloud Core Router users: after upgrading, please also upgrade the RouterBOOT with the console command “/system routerboard upgrade”
This is a highly recommended upgrade for all CCR series users. First upload this file, then run command: http://www.mikrotik.com/download/share/tilegx_3_04_2.fwf_
Sure, but if you add “KiB” at the end (that it is what “/ip dns export verbose” outputs), the command is not accepted, it’s a (small but annoying) bug.
Any chance that 6rd is going to find its way into one of the RouterOS v6 RC builds? at&t and many large ISPs like it are now using 6rd to deploy IPv6. Not having it in RouterOS is a big issue for our clients that use RouterOS on the edge.
Upgraded a point to point nstreme link from 6.0rc6 to rc9. One end used RB433 and the other used an Alix board (x86). Both with R52Hn cards. Link is set up using VPLS over a AP to Station link. AES encryption.
The RB433 looks fine with about 2% CPU, but the Alix board jumped up to 80% CPU. Under rc6 cpu load on the Alix board was about 5% with traffic. Sending about 15Mbps. Nothing too complex.
We don’t have many Alix systems anymore, but it might be something you want to look at.
"Important! The backup file contains sensitive information, do not store your backup files inside the router’s Files directory, instead, download them, and keep them in a secure location. "
Citation from: http://wiki.mikrotik.com/wiki/Manual:Configuration_Management
imagine me breaking into your tower somewhere “in the woods” and stealing your microtik
I will gain access to your network and I will also gain access to all your routers because of same password used everywhere.
It will take me 5 minutes to scan your network for unpatched windows and by using some script kiddy tool like metasploit to hack a few customers in few hours, stealing their data.
This is how a WISP can be put out of service in one dark night…
In security once you have physical access it’s game over, Also this requires you to extract the file from the flash of an RB or the HDD of a x86 box (Alot easier on x86)
The winbox entry is interesting but again requires a compromised PC at which point it’s just time. It’s another attack vector that requires social engineering to exploit and it’s much easy to get granny to install bonzai buddy than it is a network engineer with user/pass for main routers.
